I think I've almost worked through this, but am still stuck. First, what I've done:

I'm using Maven and didn't have blazeds-opt as a dependecy in my .war assembly. Adding it provides the TomcatLoginCommand class that was missing.

After adding the above I was still missing the TomcatValve class. From what I can tell it's necessary for me to get flex-tomcat-common.jar on the classpath. I've tried adding it to WEB-INF/lib and to GLASSFISH_HOME/glassfish/domains/domain1/lib. Neither seem to work.

I've also seen a couple references to adding flex-tomcat-server.jar when using Tomcat, so I've tried adding it the same as flex-tomcat-common.jar.

I've tried defining a TomcatValve in sun-web.xml, but I have no idea where the valve_1 property name comes from. I simply copied it from the example blog I linked above.

Fault on login [FaultEvent fault=[RPC Fault faultString="Please set up a TomcatValve as described in the documentation." faultCode="Server.Processing" faultDetail="null"] messageId="37BDF419-600D-4BCE-8E93-389276905A18" type="fault" bubbles=false cancelable=true eventPhase=2]

Since Glassfish v3 is supposed to support Tomcat style valves, I was thinking it should be easy to get working. Any help that anyone can give me would be appreciated.

I'd also be appreciative if anyone can give any links to documentation that gives a high level description of the login process. I read through most of the sources, but, by the time I get all the way back to the application server, it feels like the actual login process has jumped through a ton of hoops. Why does it have to be so complicated?

When I apply this and I call again blazeDS with my Flex application, a windows asks me a 'login' and 'password'. I suppose that it's a user describe by my Glassfish server but I have no idea of where I can find this. Could you tell me what's this famous LOGIN?

By the way, I'm not able to create a 'custom authentification' with glassfish. If someone have some tutorials or helps, I would be glad.

Can you elaborate on what kind of solution you're trying to come up and what you're having trouble with? Can you get BASIC authentication to work with a simple web.xml configuration that sets your .swf as a protected resource? I found that to be a good starting point.

I'm still watching this thread, so feel free to post again and I'll try to help if I can.

I didn't see you replied again before I posted. What happens when you enter a username and password? Do you get an error or does it just keep asking in a continuous loop?

Is there any info in your Glassfish logs (server.log)? I gave up on the BlazeDS config a while ago, so I'm not positive how to configure it. One thing I don't see in your configuration are any role mappings. It sounds like you're struggling with the Glassfish side of things a little, so I'll post some info on a really simple configuration for you.

Note the MessageBrokerServlet configuration, specifically the <servlet-name>. You probably have something similar. The <servlet-mapping> means all requests to urls like 'http://my.domain.com/contextroot/messagebroker/amf' will be processed by the MessageBrokerServlet. The <security-constraint> configuration restricts all requests to '/messagebroker/*'. Basically all requests to the MessageBrokerServlet will require authentication.

All of the roles in your application need to get listed in the <security-role> section. Each role needs to be mapped to a 'Principal' on the Glassfish server. I'm not positive, but I think the 'Default Principal To Role Mapping' will automatically map users defined as being of the role 'tech' to the 'tech' user (principal) or possibly the 'tech' group. I'm a little unclear on how it works with the group list.

The final parts are the <login-config> and <auth-constraint> sections. The login config defines the realm to use (file in this example). The auth-constraint section says that access to the listed resources should be restricted to users in the 'tech' role.

The whole process is something like this:

1) Only users in the role 'tech' can access urls that match /messagebroker/*.

2) The role of tech is defined and mapped to a principal (or group of principals) within the file realm on the server.

3) The 'Default Principal To Role Mapping' option in glassfish automatically maps the tech role to the tech principal (user) or group (I'm not actually sure which one). I think you'd normall need to configure this somewhere and map the roles in your flex application to groups in your security realm.

Try creating a configuration like the above. Ignore the BlazeDS portion of the configuration to start with and see if you can get it working with just web.xml. After you get that working and know you can actually authenticate to the container (Glassfish), then you can go back to trying to get the BlazeDS side of things configured / mapped.

If it's not triggering the BASIC authentication then your Flex application must not be accessing /messagebroker/*. Do you have any other servlets mapped that could be getting used for your channel configs?

I haven't learned all the options and cleaned them up. They're hacked together from samples I've seen all over the internet. They're probably the minimum required to get anything to run. Feel free to make suggestions. I'm sure both can be improved (I'm more of a Java person than a Flex person - for now

I think I'm running into this same problem and would love to try the jar files with your fix, but when I try to download them, it wants me to login. Are they accessible somewhere else that doesn't require a login?

I also tried to download the latest nightly build for BlazeDS (4.6.0.xxx) thinking that the problem may have been fixed there, but it complains about not finding the server flexorg.wip3.adobe.com. Is the problem fixed in those builds and if so, are the downloads accessible from somewhere else?

BTW, I had everything working previously, but now that I've upgraded the glassfish server, etc. the error I get when I try to authenticate is: